Lucene search
+L

21 matches found

nessus
nessus
added 2026/06/22 12:0 a.m.9 views

Amazon Linux 2023 : python3-mako (ALAS2023-2026-1846)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1846 advisory. Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an...

8.7CVSS5.9AI score0.00361EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44307

A flaw was found in Mako, a Python template library. A remote attacker could exploit a directory traversal vulnerability by crafting a Uniform Resource Identifier URI with backslash traversal. This bypasses security checks, allowing the attacker to read files outside the intended template...

8.7CVSS5.3AI score0.00609EPSS
Exploits1References7
cvelist
cvelist
added 2026/06/04 2:17 p.m.40 views

CVE-2026-41065 Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom template directory feature. On a fresh install before the setup wizard is completed, all management endpoints are completely...

9.3CVSS0.00434EPSS
Exploits0References2
cve
cve
added 2026/06/04 2:17 p.m.19 views

CVE-2026-41065

Tautulli versions prior to 2.17.1 are vulnerable to unauthenticated/authenticated remote code execution via the newsletter custom template directory feature. On a fresh install (before setup wizard completion) or on an installed system with credentials, an attacker can create a newsletter agent a...

9.3CVSS6.5AI score0.00434EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/04 2:17 p.m.9 views

CVE-2026-41065 Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom template directory feature. On a fresh install before the setup wizard is completed, all management endpoints are completely...

9.3CVSS6.5AI score0.00434EPSS
Exploits0References2
nvd
nvd
added 2026/05/12 10:16 p.m.23 views

CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS0.00609EPSS
Exploits1References4
osv
osv
added 2026/05/12 10:16 p.m.14 views

UBUNTU-CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References6
cvelist
cvelist
added 2026/05/12 9:53 p.m.43 views

CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS0.00609EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/05/12 9:53 p.m.8 views

CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References4
cve
cve
added 2026/05/12 9:53 p.m.26 views

CVE-2026-44307

CVE-2026-44307 describes a Windows-specific path traversal in the Mako template library prior to 1.3.12. A URI using backslash traversal (for example, \..\..\secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_templat...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References4
osv
osv
added 2026/05/12 9:53 p.m.2 views

CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS6AI score0.00609EPSS
Exploits1References6
debiancve
debiancve
added 2026/05/12 9:53 p.m.15 views

CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS5.8AI score0.00609EPSS
Exploits1
osv
osv
added 2026/05/06 9:45 p.m.9 views

GHSA-2H4P-VJRC-8XPQ Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup

Summary On Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the configured template directory. Details The root cause is a...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References6
susecve
susecve
added 2026/04/25 1:35 a.m.6 views

SUSE CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

7.5CVSS5.3AI score0.00361EPSS
Exploits0References6
ubuntucve
ubuntucve
added 2026/04/24 12:0 a.m.5 views

CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References3
osv
osv
added 2026/04/24 12:0 a.m.4 views

UBUNTU-CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References4
nvd
nvd
added 2026/04/23 7:17 p.m.10 views

CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS0.00361EPSS
Exploits0References3
debiancve
debiancve
added 2026/04/23 6:52 p.m.14 views

CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS5.3AI score0.00361EPSS
Exploits0
euvd
euvd
added 2026/04/23 6:52 p.m.17 views

EUVD-2026-25279

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References1
nessus
nessus
added 2026/04/23 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-41205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g.,...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References3
Rows per page
Query Builder